IBM Support

Potential security vulnerability for WebSphere Application Server affects WebSphere Enterprise Service Bus due to the Java HashTable implementation (CVE-2012-0193)

Technote (troubleshooting)


Problem (Abstract)

A potential security exposure in the Java HashTable implementation can result in a Denial of Service (DoS).

Diagnosing the problem

A security exposure exists in all versions of WebSphere Application Server, which have shipped with WebSphere Enterprise Service Bus. Specially crafted HTTP request parameters can cause a large number of HashTable collisions. With too many collisions, performance is significantly impaired, which can lead to a denial of service.
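The check below is an added example, not part of the IBM technote or of any IBM fix: it inspects the parameter names of a request and flags either an excessive parameter count or many distinct names that share one Java `String.hashCode()` value. The function names, both thresholds and the sample query strings are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl


def java_string_hash(s: str) -> int:
    """Reproduce Java's String.hashCode(): h = 31*h + UTF-16 code unit, signed 32-bit."""
    h = 0
    units = s.encode("utf-16-be", "surrogatepass")
    for i in range(0, len(units), 2):
        h = (31 * h + ((units[i] << 8) | units[i + 1])) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def inspect_query(query: str, max_params: int = 1000, max_same_hash: int = 8) -> dict:
    """Flag a query string with too many parameters, or with too many distinct
    parameter names sharing one hash code. Both thresholds are assumed values."""
    names = {name for name, _ in parse_qsl(query, keep_blank_values=True)}
    # Names with equal hash codes land in the same bucket whatever the table
    # size, so this count is a lower bound on the longest collision chain.
    per_hash = Counter(java_string_hash(n) for n in names)
    worst = max(per_hash.values(), default=0)
    reasons = []
    if len(names) > max_params:
        reasons.append("too many parameters")
    if worst > max_same_hash:
        reasons.append("parameter names share one hash code")
    return {
        "distinct_names": len(names),
        "worst_bucket": worst,
        "reasons": reasons,
        "flagged": bool(reasons),
    }


# Constructed sample inputs (not taken from the technote).
BENIGN = "user=alice&page=2&sort=name"
SUSPECT = "AaAa=1&AaBB=2&BBAa=3&BBBB=4&page=1"

if __name__ == "__main__":
    for q in (BENIGN, SUSPECT):
        print(q, inspect_query(q, max_same_hash=3))
```

A cap on the number of parameters accepted per request bounds the cost even when the colliding names are not detected, which is why the count is checked independently of the hash grouping.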

Resolving the problem

Document information

More support for: WebSphere Enterprise Service Bus
General

Software version: 6.1, 6.1.2, 6.2, 7.0, 7.5, 7.5.1

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Reference #: 1594766

Modified date: 2012-05-10